WS-2017-3737 (Medium) detected in shelljs-0.3.0.tgz #65

mend-bolt-for-github · 2019-07-05T04:43:02Z

WS-2017-3737 - Medium Severity Vulnerability

Vulnerable Library - shelljs-0.3.0.tgz

Portable Unix shell commands for Node.js

Library home page: https://registry.npmjs.org/shelljs/-/shelljs-0.3.0.tgz

Path to dependency file: /curratelo/package.json

Path to vulnerable library: /tmp/git/curratelo/node_modules/shelljs/package.json

Dependency Hierarchy:

pillars-0.3.7.tgz (Root Library)
- textualization-0.6.2.tgz
  - jshint-2.10.2.tgz
    - ❌ shelljs-0.3.0.tgz (Vulnerable Library)

Found in HEAD commit: de78840aa751d4c3a00a4c4e73d60233d1f751e4

Vulnerability Details

Shelljs 0.8.3 and before are vulnerable to Command Injection. Commands can be invoked from shell.exec(), those commands will include input from external sources, to be passed as arguments to system executables and allowing an attacker to inject arbitrary commands.

Publish Date: 2019-06-16

URL: WS-2017-3737

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jul 5, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2017-3737 (Medium) detected in shelljs-0.3.0.tgz #65

WS-2017-3737 (Medium) detected in shelljs-0.3.0.tgz #65

mend-bolt-for-github bot commented Jul 5, 2019

WS-2017-3737 (Medium) detected in shelljs-0.3.0.tgz #65

WS-2017-3737 (Medium) detected in shelljs-0.3.0.tgz #65

Comments

mend-bolt-for-github bot commented Jul 5, 2019

WS-2017-3737 - Medium Severity Vulnerability